site  contact  subhomenews

Compiling simplified 4.19.161 kernel

December 06, 2020 — BarryK

In January 2020, I posted about a simplified 4.19.97 kernel:

https://bkhome.org/news/202001/simplified-41997-kernel-running-nicely.html

The 5.4.x kernels are booting OK on my computers, but there is one person, Rodney, who gets a kernel panic. Maybe others, I don't know.

The 5.4 kernel introduces the "lockdown=confidentiality" and "lockdown=integrity" kernel parameters (also settable via securityfs), which was my main motivation to bump to it. Though, EasyOS is currently Debian Buster 10 compatible, which uses the 4.19.x kernel.

The simplified 4.19.97 compile disabled some configure options, to try and tighten up security, and this link has suggestions to tighten up enough to pretty much be equivalent to "lockdown=integrity" (in the comments):

https://mjg59.dreamwidth.org/55105.html

Right now, I am compiling the 4.19.161 kernel. Most of the configure options suggested in above link are already disabled, for this build have added these:

CONFIG_DEVMEM=y          have to keep this, Xorg needs it!
 CONFIG_STRICT_DEVMEM=y however, this tightens it up.
CONFIG_IO_STRICT_DEVMEM=n disabled. unfortunately, otherwise Xorg broken.
CONFIG_KMEM=n
CONFIG_DEVPORT=n
CONFIG_AUDIT=n
CONFIG_SECURITYFS=n

also, as was recently done with the 5.4.x kernel, turn on kvm acceleration...
CONFIG_KVM=m
CONFIG_KVM_INTEL=m
CONFIG_KVM_AMD=m

I was also thinking about having two or more kernels in each release of EasyOS, each one optimised for particular hardware. They would have to be the same version, and similar enough that there could be just one set of modules. Anyway, that idea is on hold.

EDIT 2020-12-07:
I have recompiled the 4.19.161, configured as above, but in addition have enabled some Chromebook support settings:

Device drivers ->
[*] Platform support for Chrome hardware
<*> Chrome OS laptop
< > Chrome OS pstore support
<*> Chrome OS tablet switch controller
<*> Backlight LED controller support for Chrome OS keyboards
...maybe they are only valid if running an actual ChromeOS? Though the first one, "Chrome OS laptop" looks like it would help EasyOS to bootup on a Chromebook.

I am creating EasyOS 2.5.2 image files, the first one built with this "4.19.161 pc+chromebook" kernel, and will invite testers to write it to a USB stick and test on whatever hardware they have. Does it boot? Does video, sound, network, work?

This won't be an official release, just for testing. Though, if it does work for you, you could treat it as a new release, and update an existing installation. But first, confirm a pristine first-time bootup is OK.

I plan also to have a go at configuring the 5.4.x kernel with some simplifications, as well as the Chromebook support, and will upload that also for testing.
   

Tags: easy